ReceivableIQ

Security Overview

Last Updated: Version 1.0 — 18 May 2026

For IT security teams and enterprise customers conducting vendor due diligence.

1. Summary

ReceivableIQ is built on enterprise-grade cloud infrastructure. Customer data is encrypted in transit and at rest, isolated per customer at the database level, and is never shared with or used to train AI models. A full Data Processing Agreement (DPA) is available on request.

2. Infrastructure

| Layer | Provider | Certifications |
|---|---|---|
| Database / Auth | Supabase on AWS | SOC 2 Type II, ISO 27001 |
| App Hosting | Vercel | SOC 2 Type II |
| AI Processing | Anthropic | Commercial DPA, no training on customer data |
| DDoS / Network | Cloudflare | SOC 2 Type II, ISO 27001 |
| Data Region | AWS Japan (ap-northeast-1) | AWS-certified region |

GCC data residency is available for enterprise customers.

3. Data Encryption

  • TLS 1.2+ for all data in transit
  • AES-256 for all data at rest
  • Backups are encrypted at rest
  • Encryption is enforced and managed by AWS

4. Tenant Isolation

  • Row-level security (RLS) is enforced at the database level.
  • It is technically impossible for one customer to read or modify another customer's data.
  • Isolation is enforced by the database, not by application code alone.

5. Authentication

  • Supabase Auth with JWT tokens
  • Passwords stored as bcrypt hashes
  • Sessions expire on inactivity
  • Multi-factor authentication (MFA) is available
  • Role-based access control within each organisation

6. AI Data Handling

What is and is not sent to AI providers:

| Field | Sent to AI |
|---|---|
| Company names and industries | YES |
| Invoice amounts and aging buckets | YES |
| Aggregated AR patterns | YES |
| Email addresses | NEVER |
| Phone numbers | NEVER |
| Free-text notes | NEVER |
| Uploaded documents | NEVER |

  • Anthropic does not use customer data for model training.
  • An AI kill switch is available per organisation.

7. Audit Logging

The following events are logged:

  • Every login and logout
  • Every AI call, including the model version
  • Every report generated
  • Every import and export
  • Every administrative action

Audit logs are retained for 7 years and are available to enterprise customers on request.

8. AI Governance

  • Immutable report storage (Clause 9 of the AI Governance Policy).
  • Full AI audit trail including the model version (Clause 12).
  • Per-tenant kill switch (Clause 13).
  • No automated decisions — all AI output is advisory only.

9. Incident Response

  • We investigate and contain incidents immediately.
  • We notify affected customers within 72 hours of discovering a personal data breach.
  • A full incident report is provided to affected customers.
  • We cooperate fully with regulators.

10. Compliance

| Framework | Status |
|---|---|
| UAE PDPL | Compliant |
| Saudi Arabia PDPL | Compliant |
| EU GDPR | Compliant where applicable |
| Pakistan Data Protection | Aligned |

11. Data Processing Agreement

A full DPA is available to enterprise customers. Contact legal@receivable-iq.com to request a copy.

12. Contact

For security enquiries, vendor assessments, or additional documentation, contact legal@receivable-iq.com.



ReceivableIQ
a FINTECH SOLUTIONS product
© 2025–2026 FINTECH SOLUTIONS. All rights reserved.